@lifeready/core 1.1.14 → 1.1.16

package/fesm2015/lifeready-core.js

@@ -276,7 +276,7 @@ class TimeService {
             handleApolloError(res.errors);
             const serverTime = parseInt(res.data.serverTime.timestamp, 10);
             const roundtrip = end - start;
-            this.offsetMs = serverTime - (start + roundtrip / 2);
+            this.offsetMs = Math.round(serverTime - (start + roundtrip / 2));
             if (this.VERIFY_ENABLED) {
                 yield this.verifyCognito();
             }
@@ -518,7 +518,7 @@ EncryptionService.ctorParameters = () => [
 
 class WebCryptoService {
     constructor() {
-        this.crypto = window.crypto;
+        this.kcCrypto = window.crypto;
     }
     toHex(buffer) {
         // Ref: https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest
@@ -530,7 +530,7 @@ class WebCryptoService {
         return __awaiter(this, void 0, void 0, function* () {
             const encoder = new TextEncoder();
             const data = encoder.encode(message);
-            const hash = yield this.crypto.subtle.digest(algorithm, data);
+            const hash = yield this.kcCrypto.subtle.digest(algorithm, data);
             return this.toHex(hash);
         });
     }
@@ -542,21 +542,6 @@ WebCryptoService.decorators = [
             },] }
 ];
 
-function sha256(message) {
-    return __awaiter(this, void 0, void 0, function* () {
-        // encode as UTF-8
-        const msgBuffer = new TextEncoder().encode(message);
-        // hash the message
-        const hashBuffer = yield crypto.subtle.digest('SHA-256', msgBuffer);
-        // convert ArrayBuffer to Array
-        const hashArray = Array.from(new Uint8Array(hashBuffer));
-        // convert bytes to hex string
-        const hashHex = hashArray
-            .map((b) => ('00' + b.toString(16)).slice(-2))
-            .join('');
-        return hashHex;
-    });
-}
 class KeyFactoryService {
     constructor(webCryptoService) {
         this.webCryptoService = webCryptoService;
@@ -575,7 +560,7 @@ class KeyFactoryService {
         this.DEFAULT_PASS_IDP_PBKDF_ITER = this.MIN_PASS_IDP_PBKDF_ITER;
         this.DEFAULT_PASS_KEY_PBKDF_ITER = this.MIN_PASS_KEY_PBKDF_ITER;
         this.DEFAULT_LBOP_KEY_PBKDF_ITER = this.MIN_LBOP_KEY_PBKDF_ITER;
-        this.crypto = this.webCryptoService.crypto;
+        this.kcCrypto = this.webCryptoService.kcCrypto;
     }
     static asKey(key, form, extras) {
         // <AZ> Using a single global key store did not seem to improve speed.
@@ -588,7 +573,7 @@ class KeyFactoryService {
         }
         const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
         let array = new Uint32Array(digits);
-        this.crypto.getRandomValues(array);
+        this.kcCrypto.getRandomValues(array);
         array = array.map((x) => validChars.charCodeAt(x % validChars.length));
         return String.fromCharCode.apply(null, array);
     }
@@ -603,7 +588,7 @@ class KeyFactoryService {
             throw new LrBadArgumentException('chooseN <= 0');
         }
         const values = new Uint32Array(chooseN);
-        this.crypto.getRandomValues(values);
+        this.kcCrypto.getRandomValues(values);
         const ret = [];
         values.forEach((v) => ret.push(array[v % array.length]));
         return ret;
@@ -613,13 +598,13 @@ class KeyFactoryService {
     }
     createKey() {
         return __awaiter(this, void 0, void 0, function* () {
-            const key = yield this.crypto.subtle.generateKey({
+            const key = yield this.kcCrypto.subtle.generateKey({
                 name: 'AES-GCM',
                 length: 256,
             }, true, // whether the key is extractable (i.e. can be used in exportKey)
             ['encrypt', 'decrypt'] // must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
             );
-            const jwk = yield this.crypto.subtle.exportKey('jwk', key);
+            const jwk = yield this.kcCrypto.subtle.exportKey('jwk', key);
             // Removing the fields not needed by node-jose
             delete jwk.ext;
             delete jwk.key_ops;
@@ -628,11 +613,11 @@ class KeyFactoryService {
     }
     createSignKey() {
         return __awaiter(this, void 0, void 0, function* () {
-            const key = yield this.crypto.subtle.generateKey({
+            const key = yield this.kcCrypto.subtle.generateKey({
                 name: 'HMAC',
                 hash: { name: 'SHA-512' },
             }, true, ['sign', 'verify']);
-            const jwk = yield this.crypto.subtle.exportKey('jwk', key);
+            const jwk = yield this.kcCrypto.subtle.exportKey('jwk', key);
             // Removing the fields not needed by node-jose
             delete jwk.key_ops;
             delete jwk.ext;
@@ -646,7 +631,7 @@ class KeyFactoryService {
             // does not support sync version, so it uses the javascript implementation, which is way too slow.
             // So we generate using webcrypto and import the key.
             // Unfortunately Elliptical Curve is not supported by Webcrypto. So we have to settle for RSA.
-            const key = yield this.crypto.subtle.generateKey({
+            const key = yield this.kcCrypto.subtle.generateKey({
                 name: 'RSA-OAEP',
                 modulusLength: 2048,
                 // As per suggestion: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
@@ -655,7 +640,7 @@ class KeyFactoryService {
             }, true, // whether the key is extractable (i.e. can be used in exportKey)
             ['encrypt', 'decrypt'] // must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
             );
-            const jwk = yield this.crypto.subtle.exportKey('jwk', key.privateKey);
+            const jwk = yield this.kcCrypto.subtle.exportKey('jwk', key.privateKey);
             // Removing the fields not needed by node-jose
             delete jwk.key_ops;
             delete jwk.ext;
@@ -664,7 +649,7 @@ class KeyFactoryService {
     }
     createPkcSignKey() {
         return __awaiter(this, void 0, void 0, function* () {
-            const key = yield this.crypto.subtle.generateKey({
+            const key = yield this.kcCrypto.subtle.generateKey({
                 name: 'RSASSA-PKCS1-v1_5',
                 modulusLength: 2048,
                 // As per suggestion: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
@@ -673,24 +658,28 @@ class KeyFactoryService {
             }, true, // whether the key is extractable (i.e. can be used in exportKey)
             ['sign', 'verify'] // can be any combination of "sign" and "verify"
             );
-            const jwk = yield this.crypto.subtle.exportKey('jwk', key.privateKey);
+            const jwk = yield this.kcCrypto.subtle.exportKey('jwk', key.privateKey);
             // Removing the fields not needed by node-jose
             delete jwk.key_ops;
             delete jwk.ext;
             return KeyFactoryService.asKey(jwk);
         });
     }
-    deriveKey({ password, salt, iterations, kid, }) {
+    importPassword(plainPassword) {
         return __awaiter(this, void 0, void 0, function* () {
             const enc = new TextEncoder();
-            const rawKey = yield this.crypto.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveBits', 'deriveKey']);
-            const passKey = yield crypto.subtle.deriveKey({
+            return this.kcCrypto.subtle.importKey('raw', enc.encode(plainPassword), 'PBKDF2', false, ['deriveKey']);
+        });
+    }
+    deriveKey({ password, salt, iterations, kid, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const passKey = yield this.kcCrypto.subtle.deriveKey({
                 name: 'PBKDF2',
                 salt: new TextEncoder().encode(salt),
                 iterations,
                 hash: 'SHA-256',
-            }, rawKey, { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
-            const passKeyJson = yield crypto.subtle.exportKey('jwk', passKey);
+            }, password, { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
+            const passKeyJson = yield this.kcCrypto.subtle.exportKey('jwk', passKey);
             if (kid) {
                 passKeyJson.kid = kid;
             }
@@ -4396,19 +4385,19 @@ class PasswordService {
         this.idleService = idleService;
         this.CLIENT_NONCE_LENGTH = 32;
     }
-    checkPassword(password) {
+    checkPassword(plainPassword) {
         return __awaiter(this, void 0, void 0, function* () {
-            const { years } = this.passwordStrength(password);
+            const { years } = this.passwordStrength(plainPassword);
             return {
-                length: password.length,
+                length: plainPassword.length,
                 timeToCrack: moment$1.duration({ years }),
-                passwordExposed: yield this.getExposureCount(password),
+                passwordExposed: yield this.getExposureCount(plainPassword),
             };
         });
     }
-    getExposureCount(password) {
+    getExposureCount(plainPassword) {
         return __awaiter(this, void 0, void 0, function* () {
-            const sha1Password = yield this.webCryptoService.stringDigest('SHA-1', password);
+            const sha1Password = yield this.webCryptoService.stringDigest('SHA-1', plainPassword);
             const first5sha1 = sha1Password.substring(0, 5);
             const response = yield this.http
                 .get(`https://api.pwnedpasswords.com/range/${first5sha1}`, {
@@ -5519,6 +5508,9 @@ class LifeReadyAuthService {
             Hub.listen('auth', (data) => this.hubSubject.next(data.payload));
         });
     }
+    importPassword(plainPassword) {
+        return this.keyFactory.importPassword(plainPassword);
+    }
     addLogoutListener(callback) {
         this.logoutListeners.add(callback);
     }
@@ -9142,7 +9134,7 @@ class LbopService {
                 }
             }
             const lbopKeyParams = yield this.keyFactory.createLbopKeyParams();
-            const lbopKey = (yield this.keyFactory.deriveLbopKey(Object.assign({ password: lbopString }, lbopKeyParams))).jwk;
+            const lbopKey = (yield this.keyFactory.deriveLbopKey(Object.assign({ password: yield this.keyFactory.importPassword(lbopString) }, lbopKeyParams))).jwk;
             const lbopKeyVerifier = yield this.keyFactory.createSignKey();
             const wrappedLbopKeyVerifier = yield this.encryptionService.encrypt(lbopKey, lbopKeyVerifier.toJSON(true));
             // Re-encrypt master key with new key
@@ -9186,7 +9178,7 @@ class LbopService {
         return __awaiter(this, void 0, void 0, function* () {
             const clientNonce = this.keyFactory.randomString(this.CLIENT_NONCE_LENGTH);
             for (const lbop of challengeResult.lbops) {
-                const lbopKey = (yield this.keyFactory.deriveLbopKey(Object.assign({ password: lbopString }, lbop.lbopKeyParams))).jwk;
+                const lbopKey = (yield this.keyFactory.deriveLbopKey(Object.assign({ password: yield this.keyFactory.importPassword(lbopString) }, lbop.lbopKeyParams))).jwk;
                 // If decoding successful then it's the correct lbop
                 try {
                     const lbopKeyVerifier = (yield this.encryptionService.decrypt(lbopKey, lbop.wrappedLbopKeyVerifier));